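/// <summary>
/// Builds the custom claims issued for <paramref name="subject"/>.
/// An age gate on the national identifier runs first. If the requested claims
/// require verification, a verification command is sent through the mediator.
/// Anonymous-token flags are appended when that feature is enabled.
/// </summary>
/// <param name="subject">Authenticated principal whose internal claims (national identifier, pseudonym, PIN-verified flag) drive the lookup.</param>
/// <param name="requestedClaims">Claim types requested by the client; passed to <c>VerificationResult.RequestedClaimsRequiresVerification</c>.</param>
/// <param name="parsedScopes">Parsed scopes of the request; may be null. Checked for the skip-MSIS-lookup scope.</param>
/// <returns>
/// The underage claim set when the age cannot be determined or is below the configured minimum.
/// Otherwise the verification and anonymous-token claims.
/// If anything throws, a single <c>Covid19Status</c> claim with the unknown status value.
/// </returns>
public async Task<IEnumerable<Claim>> GetCustomClaims(ClaimsPrincipal subject, IEnumerable<string> requestedClaims, IEnumerable<ParsedScopeValue> parsedScopes)
{
    // The age gate is evaluated before any lookup. A missing subject or missing identifier
    // leaves nationalIdentifier null, which is handed to CanDetermineAge() as-is.
    var nationalIdentifier = subject?.Claims?.FirstOrDefault(c => c.Type == InternalClaims.NationalIdentifier)?.Value;
    if (!nationalIdentifier.CanDetermineAge() || nationalIdentifier.IsPersonYoungerThanAgeLimit(_verificationLimitConfig.MinimumAgeInYears))
    {
        // Return only underaged claims: Too young or can't determine age
        return GetClaimsForUnderagedPerson();
    }

    try
    {
        // Lower-case with the invariant culture so that the scope match (which decides whether the
        // MSIS lookup is skipped) does not depend on the server's current culture.
        bool skipMsisLookup = parsedScopes?
            .Select(p => p.ParsedName.ToLowerInvariant())
            .Contains(VerificationScopes.SkipMsisLookup) == true;

        var originalClaims = subject.Claims.ToList();

        // Fall back to the identity name when no pseudonym claim is present.
        var pseudonym = originalClaims
            .FirstOrNone(x => x.Type == InternalClaims.Pseudonym)
            .Map(x => x.Value)
            .ValueOr(subject.Identity.Name);
        var nationalIdentifierClaim = originalClaims.FirstOrNone(x => x.Type == InternalClaims.NationalIdentifier);

        var customClaims = new List<Claim>();
        if (VerificationResult.RequestedClaimsRequiresVerification(requestedClaims))
        {
            var verificationResult = await nationalIdentifierClaim.MatchAsync(
                none: async () =>
                {
                    // Only the exact value "true" counts as PIN-verified; a missing claim or any other value is false.
                    var isPinVerified = originalClaims
                        .FirstOrNone(x => x.Type == InternalClaims.PinVerified)
                        .Map(x => x.Value == "true")
                        .ValueOr(false);
                    return await _mediator.Send(new VerifyPinUser.Command(pseudonym, isPinVerified, skipMsisLookup));
                },
                some: natIdent => _mediator.Send(new VerifyIdentifiedUser.Command(natIdent.Value, pseudonym, skipMsisLookup)));
            customClaims.AddRange(verificationResult.GetVerificationClaims());
        }

        if (_anonymousTokensConfig.Enabled)
        {
            // One AnonymousToken claim per enabled client flag.
            customClaims.AddRange(_anonymousTokensConfig.EnabledClientFlags.Select(clientFlag => new Claim(VerificationClaims.AnonymousToken, clientFlag)));
        }

        return customClaims;
    }
    catch (Exception e)
    {
        // Any failure discards the partially built list (anonymous-token claims included) and
        // reports an unknown status instead of propagating the exception to the caller.
        // NOTE(review): the exception object is logged as-is; confirm that the handlers never
        // put the national identifier or pseudonym into exception messages.
        _logger.LogError(e, "Error encountered when attempting to verify user infection status");
        return new[]
        {
            new Claim(DkSmittestopClaims.Covid19Status, DkSmittestopClaims.StatusValues.Unknwon)
        };
    }
}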
/// <summary>
/// Builds the verification claims for <paramref name="subject"/>.
/// When the requested claims require verification, the subject is verified by national identifier
/// if that claim is present, and otherwise by pseudonym, but only when the PIN-verified claim is "true".
/// </summary>
/// <param name="subject">Authenticated principal carrying the internal claims; dereferenced without a null check.</param>
/// <param name="requestedClaims">Claim types requested by the client; passed to <c>VerificationResult.RequestedClaimsRequiresVerification</c>.</param>
/// <returns>
/// An empty list when no verification is required, or the claims from the verification result.
/// If the verification throws, a single <c>Covid19Status</c> claim with the unknown status value.
/// </returns>
public async Task<IEnumerable<Claim>> GetCustomClaims(ClaimsPrincipal subject, IEnumerable<string> requestedClaims)
{
    // These reads happen outside the try block, so a failure here (e.g. a null subject)
    // propagates to the caller instead of becoming an unknown-status claim.
    var subjectClaims = subject.Claims.ToList();
    var pseudonymClaim = subjectClaims.FirstOrNone(claim => claim.Type == InternalClaims.Pseudonym);
    var pseudonym = pseudonymClaim
        .Map(claim => claim.Value)
        .ValueOr(subject.Identity.Name);
    var nationalIdentifierClaim = subjectClaims.FirstOrNone(claim => claim.Type == InternalClaims.NationalIdentifier);

    var result = new List<Claim>();
    if (!VerificationResult.RequestedClaimsRequiresVerification(requestedClaims))
    {
        return result;
    }

    try
    {
        var verification = await nationalIdentifierClaim.MatchAsync(
            none: async () =>
            {
                // Only the exact value "true" counts as PIN-verified. Without it no command
                // is sent and an empty VerificationResult is used.
                var pinVerifiedClaim = subjectClaims.FirstOrNone(claim => claim.Type == InternalClaims.PinVerified);
                var pinVerified = pinVerifiedClaim
                    .Map(claim => claim.Value == "true")
                    .ValueOr(false);
                return pinVerified
                    ? await _mediator.Send(new VerifyPinUser.Command(pseudonym))
                    : new VerificationResult();
            },
            some: identified => _mediator.Send(new VerifyIdentifiedUser.Command(identified.Value, pseudonym)));

        result.AddRange(verification.GetVerificationClaims());
    }
    catch (Exception e)
    {
        // A failed lookup is logged and reported to the client as an unknown status.
        _logger.LogError(e, "Error encountered when attempting to verify user infection status");
        result.Add(new Claim(DkSmittestopClaims.Covid19Status, DkSmittestopClaims.StatusValues.Unknwon));
    }

    return result;
}